Scarborough, MAINE – Employee information, including Social Security numbers and bank account details, was compromised during a cyber breach of the employee information systems at Hannaford supermarkets and other Ahold-Delhaize USA Services companies, parent company Ahold-Delhaize said Thursday.
Scarborough, Maine-based Hannaford employs more than 4,000 at its 36 New Hampshire stores, and around 30,000 at its 189 stores in Maine, New Hampshire, Vermont, Massachusetts and New York, as well as distribution centers in Maine and New York. Dutch-Belgian company Ahold Delhaize, with U.S. headquarters in South Carolina, owns Hannaford.
The breach of data systems โby an unauthorized third partyโ affected 30 Ahold Delhaize USA Services companies, among them Hannaford, Fresh Direct, Peapod, Food Lion, Giant Food, The GIANT Company, Stop & Shop, ADUSA Distribution and ADUSA Transportation, according to information on the ADS and Hannaford websites.
The attack, which happened in November, has been under investigation since then by โexternal cybersecurity experts, coordinated with federal U.S. law enforcement. The โvast majorityโ of those affected are employees, not customers, Ahold-Delhaize said in a statement Thursday, after the eight-month investigation uncovered that personal information was compromised.
The company detected unauthorized access to some of its internal U.S. business systems shortly after it happened on Nov. 5 or 6, ADS said. It made the discovery public at the time, but said it would have to investigate to understand the scope.
Thursdayโs announcement said that since then, the review has found that the breach included personal information ofย โcertain current and former employees, their dependents and beneficiaries and others.โ It said that customer information has not been affect.
Personal information that may have been accessed includes name, contact information (postal address, email address, telephone number), date of birth, government-issued identification numbers (Social Security, passport and driverโs license numbers), financial account information (bank account, etc.), health information (workersโ compensation information and medical information contained in employment records), and employment-related information.
โThe types of impacted information vary by affected individual,โ the statement said.
Individuals whose information may have been compromised are being directly contacted, according to the statement. Ahold-Delhaize is also offering free credit monitoring and identity protection services for two years.
The investigation is โcomplex and time-intensive,โ and involves U.S. federal law enforcement, ADS said.
Since the cybersecurity issue was detected, he company โhas been working diligently to review the impacted files to understand their nature and scope, including to determine if, and to what extent, the information of individuals was affected.โ
The company has a reference guide for employees who want to sign up for the free credit monitoring. The deadline to enroll is Sept. 25.
The statement also urges anyone whoโs concerned to check their credit report for issues. Every U.S. consumer can access their credit report, for free, once a year from each of the three nationwide consumer reporting agencies โ Transunion, Experiean and Equifax. Each credit report may have different information, so itโs important to review all free. They can be accessed at annualcreditreport.com or by calling 1-877-322-8228.
โWe encourage affected individuals to remain vigilant by reviewing their account statements and monitoring their free credit reports,โ the Hannaford statement said.
A full list of the companies affected and other information is on Hannafordโs website.